PT-2025-52695

Name of the Vulnerable Software and Affected Versions Wondershare MirrorGo version 2.0.11.346 Description Wondershare MirrorGo version 2.0.11.346 has a local privilege escalation issue. Incorrect file permissions on executable files allow unprivileged local users to replace the ElevationService.e...

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

CVE-2025-34135

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

CVE-2025-34135

Nagios XI prior to 2024R1.4.2 is affected by overly permissive permissions on systemd unit files, notably nagios.service having executable permissions not required. This could broaden local attack surface. Affected versions should be updated to 2024R1.4.2 or later; monitoring advisories also note...

CVE-2025-34135 Nagios XI < 2024R1.4.2 Overly Permissive Permissions on Systemd Unit Files

Nagios XI versions prior to 2024R1.4.2 configure some systemd unit files with permission sets that were too permissive. In particular, the nagios.service unit had executable permissions that were not required. Overly permissive permissions on service unit files can broaden local attack surface by...

EUVD-2019-2475

Malware in sbrugna...

CVE-2025-41686

A low-privileged local attacker can exploit improper permissions on nssm.exe to escalate their privileges and gain administrative access...

CVE-2019-10679

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILESX86%\Thomson Reuters\Eikon permissions...

CVE-2002-1844

Microsoft Windows Media Player WMP 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges...

UBUNTU-CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

RUSTSEC-2025-0001 gix-worktree-state nonexclusive checkout sets executable files world-writable

Summary gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. This causes files in a repository to be world-writable in some...

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

NZBGet Security Vulnerabilities

NZBGet is an efficient usenet downloader from NZBGet. A security vulnerability exists in NZBGet version 21.1, which stems from the fact that the unarchiving programs 7za and unrar retain executable file permissions, and can be exploited by an attacker to execute a file by setting the value of...

Backdoor.Win32.Noknok.60 Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/ecaf6a123fdf1f5660692dfc4c67a933.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Noknok.60 Vulnerability: Insecure Permissions Description: When generating an...

UBUNTU-CVE-2020-25031

checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file...

CVE-2019-14568

Improper permissions in the executable for IntelR RST before version 17.7.0.1006 may allow an authenticated user to potentially enable escalation of privilege via local access...

OneThink Frontend Cache Mechanism Has Design Flaw Vulnerability

OneThink is an open source content management framework developed by ThinkPHP team based on ThinkPHP. OneThink front-end caching mechanism has a design flaw vulnerability. Since the program caches registered usernames to a cache file in the temp directory, and the cache file has executable...

Peach Fuzz - Vulnerability Scanning Framework

This tool aims to look through files in a given directory to detect any unsafe, vulnerable, or dangerous function calls. It is designed to be extensible and easy to understand; you can "plug-and-play" modules that specify criteria on which types of files will trigger what 'scans,' in which you...

Thomson Reuters Fixed Assets CS 13.1.4 - Local Privilege Escalation

Exploit Title: Thomson Reuters Fixed Assets CS Windows 7, Windows 8 CVE : 2014-9141 Product Affected: Fixed Assets CS =13.1.4 Workstation Install Note: 2003/2008 Terminal Services/Published apps may be vulnerable, depending on system configuration. This vulnerability has been reference checked...